Top10 risk 2010

By: Gholamhossein Davani

NYSSCPA,IACPA,CFE,CA
AA,
AIA,
May 2010
Corporate Fraud
Corporate fraud can cover a
wide range of issues, including,
commercial theft, corruption,
misappropriation of trade
secrets/confidential
information, procurement fraud
The most common types of fraud
Fraud detection and reporting are important to any system
of prevention and deterrence .

 asset misappropriation
 corruption
 bribery
 Money Landry
When Economic will go down turn Fraud, corrupt , money
Landry and bribery will up same Hurricane .
IMPACT
Impact: Accountability Standards Raised

Sarbanes-Oxley: US corporate reform law (public

companies)

Institute Internal Auditors proposed new governance

standards

Enhancing corporate control environment - strong ethics

culture- adopting mechanisms to permit reporting
without reprisal
Six Documents That Changed Audit Committee Charters
 1987 The Report of the National Commission on Fraudulent Financial
Reporting , better known as the Tread way report, prepared by the
Committee of Sponsoring Organizations (COSO). Those organizations were
the AICPA, the American Accounting Association, the Financial
Executives Institute, the Institute of Internal Auditors and the Institute of
Management Accountants.
 1988 The Macdonald Report , prepared by the Commission to Study the
Public's Expectations of Audits, formed by the Canadian Institute of
Chartered Accountants.
 1991 The Federal Deposit Insurance Corporation Improvement Act of 1991
(FDICIA), passed by the U.S. Congress in response to the savings and loan
scandals.
 1992 Internal Control, Integrated Framework , published by COSO.
 1993 In the Public Interest, A Special Report , by the Public Oversight
Board (POB) of the SEC practice section of the AICPA division for CPA
firms (the 1993 POB report).
 1995 Directors, Management, and Auditors, Allies in Protecting
Shareholder Interests , by the POB (the 1995 POB report).
FRAUD HOTLINES

FRAUD HOTLINES

– “Organizations with fraud hotlines cut their losses

by 50% per scheme” (Association of Certified Fraud
Examiners, 2002 Report to the Nation)

– Advantages-include deterrence ( perception of

detection) and centralized reporting mechanism

– Disadvantages- include nuisance calls and associated

costs
Which are Top 10 Risk 2010
 Risk management forms an integral part of the business
planning and review cycle. The company’s risk and control
policy is designed to provide reasonable assurance that
objectives are met by integrating management control into the
daily operations, by ensuring compliance with legal
requirements and by safeguarding the integrity of the
company’s financial reporting and its related disclosures. It
makes management responsible for identifying the critical
business risks and for the implementation of fit-for-purpose risk
responses. Philips’ risk management approach is embedded in
the areas of corporate governance, Philips Business Control
Framework and Philips General Business Principles
 Strategic change management
The upheaval of the past year and the desire to seize
opportunities during the recovery will make for a lot of
changes, including mergers, acquisitions, and divestitures.
These shifts leave a lot of room for controls to fall through
the cracks and can create new liabilities
Capacity
Faced with uncertain demand, companies risk both over-
and understaffing. Timing capital expenditures, such
as new facilities or equipment, will also pose a
challenge.
Incentive plans
Compensation is under extreme scrutiny in the wake of
the recession and could pose a risk for public
companies.
Human resources
Layoffs have left many companies with skill gaps and
possible holes in their compliance structures.
Fraud
Widely thought to pick up (or be revealed) in down
times, fraud can be easier to commit at companies that
are short-staffed and under pressure, which would
describe most businesses today
Innovation/R&D
Companies that have cut back in this area during the
downturn risk falling behind their competitors.
Third-party relationships
The collapse of Lehman Brothers opened CFOs' eyes to
just how careful and far-reaching they need to be in
evaluating third parties.
Generally third parties are hole of fraud
Shared services
Under pressure to cut costs, finance executives are
exploring new locations for their back-office functions.
These changes can affect companies' control structures
and processes.
Inflation/Deflation
Currency risk remains an open question for 2010.
Tax management
Recession-scarred states are looking to raise funds
through new taxes and stricter enforcement of existing
tax laws.
Graphical RISK PROFILER
Four Step to follow Risk
 
Stage 1 - Risk and Issue Identification

Stage 2 - Evaluation and Planning

Stage 3 - Risk and Issue Management and Control

Stage 4 - Management Reporting

The main Task of Stage 2
I. confirm the project success criteria
II. prepare the risk breakdown structure (RBS)
III. identify and document potential areas of risk
IV. identify and document potential or known issues
V. allocate risk and issue owners
VI. assess the probability and potential impact of
each risk
VII. assess the impact of each issue
VIII.categorise both the risk and issue
The main Task of Stage 2
I. prepare an approach to risk reduction containing the
mitigation strategies for the risk and specify the
trigger, an event or date that indicates the occurrence
of the risk and the need to initiate the contingency
strategy
II. plan the contingency strategies
III. prepare the Issue management strategies
IV. if appropriate determine any relationships between
risks, other risks and issues
quantify the risks (optional)
V. develop the risk and issue management plan for the
project phase
The main Task of Stage 3
I. initiate the mitigating strategies
II. monitor the activities at risk and invoke the
contingency strategies should the risk manifest itself
III. initiate the issue management strategies
IV. regularly reassess the risks and issues and their
contingency strategies
 
The main Task of Stage 4
I. maintain and generate project objectives and success
criteria
II. generate the project Risk Matrix
III. generate risk reports as appropriate
IV. generate risk data sheets, either individually or for
the whole project
V. maintain the Risk and Issue Register
VI. maintain and publish MS PROJECT plans
VII. generate risk exposure graphs, both Monte Carlo
cumulative probability curves and time based risk
exposure graphs.
Factors of perfect storm’ fraud

1-External auditors are primarily concerned about

MATERIAL fraud in the context of SOX 404 and
financial statement audits.
2-Controls related to SOX section 404 have often been
designed to only prevent and detect MATERIAL fraud
because many companies have had their controls
designed by Big 4 auditors who are primarily trained
to prevent and detect MATERIAL fraud.
Factors of perfect storm’ fraud(2)
3-Segregation of duties is one of the primary means to
prevent fraud and there is little consensus about best
practices related to segregation of duties (SOD), even
several years since SOX went into effect.
4-SOD testing is primarily focused on system controls
and is driven by IT auditors.
5-Processes and testing of internal controls are well-
documented, leaving those wishing to commit fraud to
know which dark alleys to choose in order to commit
fraud.
Factors of perfect storm’ fraud (3)
6-Most SOD testing fails to take into account process
outside the system and ways actual theft can occur.
7-Many companies have implemented new ERP systems
in the past 10 years and ERP systems have been
primarily architected for efficiency, not with an
internal controls focus.
8-ERP systems have primarily been implemented by
those who have little skills in the design or
implementation of internal controls.
External auditors focus on MATERIAL fraud risk

The need for SOX originated from fraud that led to the
misstatement of financial statements.   The significance of
the fraud was that it DID cause financial statements to be
misstated and, in several cases resulted in the collapse or
bankruptcy of the company.  External auditors will always
be primarily focused on whether or not a company’s
financial statements are materially accurate.  They have no
exposure or accountability for fraud that is committed
below the materiality threshold.  It is up to management to
design or redesign controls to catch sub-material fraud. 
 
Section 404 controls are designed to prevent MATERIAL
misstatement

In many cases, a company’s internal controls over financial

reporting have been developed by a Big 4 firm other than their
external auditor.  These controls have been designed to prevent
MATERIAL misstatements in a company’s financial
statements.  For example, a company we consulted with allowed
their AP clerks to both enter suppliers and enter AP invoices
against those suppliers.  The primary mitigating control,
designed by a big 4 firm, for such access was a review of a Final
Payment Register and supporting documentation for all checks
over $30,000.  This control was a reasonable control to prevent
MATERIAL fraud, but left the company exposed to fraud below
the $30,000 level. 
 
What is Fraud Risk Analysis?

Fraud risk analysis is an assessment process to

determine the likelihood of a fraud being committed,
what can be done to prevent it, and which that
prevention technique is commercial to undertake. Once
the risk of losses from fraud and actions to prevent that
fraud have been identified, controls based on a
cost/benefit analysis they must determine.
Risk assessment identifies fraud risks and helps
determine what controls should be implemented. It is
similar to finding the biggest leaks and plugging them
in the most commercial manner.
Conducting a Fraud Risk Assessment

Seven actions or decisions are used to determine a level of risk, the likelihood
of a loss, possible controls, and the cost of implementing these controls. They
apply to any type of risk, not just the risk of loss from fraud. These are:
1. Determine what threats face the business, in the different areas of the
business;
2. Estimate the likelihood of a loss occurring from each particular threat;
3. Estimate the quantum of any loss from each particular threat;
4. Determine what control procedures could be applied to prevent or detect that
particular threat;
5. Estimate the costs of implementing and maintaining each control;
6. Decide whether the cost of a control is worth the benefit of having the
control;
7. Implement controls where cost / benefit assessment is favorable or desirable.
Four general steps for Risk Fraud actions or
decisions
1. Identify the possible threats
2. Estimate the risk of that threat
occurring and the potential loss
3. Identify potential controls
4. Conduct a cost / benefit
analysis
Why fraud against organizations is a costly business
problem

 Fraud Losses Reduce Net Fraud Robs Income

Income $ for $
 If Profit Margin is 10%,
Revenues Must Increase by
10 times Losses to Recover Revenues $100 100%
Expenses 90 90%
Affect on Net Income
Net Income $ 10 10%
 Losses……. $1 Million
Fraud 1
 Revenue….$1 Billion Remaining $ 9

To restore income to $10, need $10 more

dollars of revenue to generate $1 more
dollar of income.
Why fraud against organizations is a costly business
problem

General Motors Bank

$436 Million Fraud
Profit Margin = 10%
$4.36 Billion in Revenues
Needed
At $20,000 per Car,
218,000 Cars
$100 Million Fraud
Profit Margin = 10 %
$1 Billion in Revenues
Needed
At $100 per year per
Checking Account, 10
Million New Accounts
 Largest Bankruptcy Filings
(1980 to Present)

from BankruptcyData.com

Company Assets When Filed

(Billions)
1. WorldCom $103.9 July 2002
2. Enron $63.4 Dec. 2001
3. Conseco $61.4 Dec. 2002
4. Texaco $35.9 April 1987
5. Financial Corp of America $33.9 Sept. 1988
6. Global Crossing $30.2 Jan. 2002
7. PG&E $29.8 April 2001
8. UAL $25.2 Dec. 2002
9. Adelphia $21.5 June 2002
10. MCorp $20.2 March 1989
How to integrate fraud topics into accounting
courses
 What is an asset—WorldCom
 What are revenues—Lincoln Savings & Loan
 What is an expense—Tyco
 What is an entity—Enron
 When is an auditor not independent—Waste Management
 What is a reserve—Waste Management
 What is a liability—Adelphia
 Internal controls—fraud against organizations (Sumitomo, etc.)
 See the AICPA Fraud Education Integration Matrix
http://www.aicpa.org/antifraud/educators_students/integrate_curriculum/framewor
k_for_study/140.htm
 Cases in which Prof. Albrecht testified
Case Year Nature Named Parties Size State of Work

A 2003 Fraud by Executives AA $billions New York

B 2003 Fraud by Executives BB $2.8 billion Chicago

C 2003 Fraud by Executives CC $400 million Florida

D 2002 Hedge Fund Fraud DD $150 million Florida

E 2002 Fraud by Executives EE $2.8 billion Illinois

F 2001 Fraud by Vendor FF $210 million Texas

G 2001 Commodities Trading Fraud GG $2.6 billion New York/Tokyo

H 2001 Fraud by Executives HH $65 million Florida

I 2001 Fraud by Major Stockholders II $11 million Utah

J 2000 Fraud by Executives JJ $400 million Illinois

K 2000 Fraud by Executives KK $600 million Illinois

L 1999 Fraud by Customer LL $5 million Utah

M 1998 Fraud by Executives MM $95 million. Georgia

N 1998 Fraud by Executives NN $240 million Illinois

 M&A
Citigroup claimed the title of top global financial advisor for announced M&A transactions,
advising on 80 transactions valued at over US$340.7 billion in Q1 2006. This represented a
244% increase in deal volume from the comparable time period last year. Goldman Sachs
ranked second with US$337.5 billion in M&A activity while JP
Morgan rounded out the top three with deals valued at US$274 billion.
(US$m)
1. Citigroup $340,671
2. Goldman Sachs $337,456
3. JP Morgan $274,044
4. Lehman Brothers $265,487
5. Merrill Lynch $224,324
6. UBS $208,724
7. Morgan Stanley $196,630
8. Deustche Bank $165,511
9. BNP $145,809
10. Rothschild $133,209
11. Credit Suisse $131,699
12. Evercore $120,162
13. HSBC $114,209
14. Lazard $95,866
15. Rohatyn $89,432
16. Calyon $72,208
17. ABN AMRO $70,721

37
Fraud Experienced by survey respondents
by sector
Global Key Risk & Themes 2006-2010
2006 2007 2008 2009 2010

Asset Asset Asset Asset price collapse Further falls in asset

Price/Indebtedness Price/Indebtedness price
Chinese growth Chinese growth Chinese growth Chinese growth Chinese growth
slowing to <6% slowing to <6% slowing to <6% slowing to <6% slowing to <6%
Fiscal Crisis Fiscal Crisis Fiscal Crisis Fiscal Crisis Fiscal Crisis

Oil Price Oil Price Oil Price Global governance Global governance
Spikes/supply shocks Spikes/supply shocks Spikes/supply shocks gaps gaps

US current account US current account Rising and Volatile Chronic diseases Chronic diseases
Deficit/fall in US$ Deficit/fall in US$ food prices
Critical infrastructure An abrupt, Increase resources
major fall in the value related risk(water land Underinvestment in
of the US$ & energy) infrastructure

Corporate Fraud& Money Laundry

Money Laundry
UK Bribery Act - New legislation
affecting UK business April 2010
 Giving a bribe: offering, promising or giving an advantage,
financial or otherwise, to another person to bring about
improper performance or reward.
 Receiving a bribe: requesting, agreeing to or receiving an
advantage linked to an intended improper performance or
reward.
 Bribing a private or public official: offering, promising or
giving bribes directly/indirectly to a private or public
official to obtain or retain business or a business advantage,
intended to influence the decision and gain an advantage.
 Negligently failing to prevent a bribe: a person*
performing services for the company bribes another person
in connection with the business and those responsible for
preventing bribery1, negligently fail to do so.
 Warren Buffett
Chairman’s Letter to shares holders of Berkshire Hathaway

Financial instruments are time bombs and "financial weapons of mass

destruction” their buyers and sellers, but the whole economic system.
Large amounts of risk have become concentrated in the hands of relatively
few derivatives dealers ... which can trigger serious systemic problems .
During the past 37 years, the company has delivered an average annual return
of 22.6%. Since 1965 the company's book value has gone up by 194,936%.

BBC News-Tuesday, 4 March, 2003

42 Dayarayan Auditing & Financial Services Firm

 Some Figures and Statistics
Global equity capital $51.2 trillion (Wikipedia: Reuters March
2007) $165 trillion "total traded securities" (Economist,
19/01/2008)
Global physical trade
Daily ForEx trade volume $3.2 Trillion (BIS 2007)
Total Derivatives Nominal $516 trillion (BIS 2007)
Total Derivatives Value $11.1 trillion (BIS 2007)
Total Swaps Nominal $408 trillion, 79% of all derivatives
% Interest Rate Swaps 75 (BIS 2007)

43 Dayarayan Auditing & Financial Services Firm

Sources
1-AuditNet: The Global Resource for Auditors - Fraud
Article
www.auditnet.org/articles/JTH200810.htm
2- Current Trends in Fraud and its Detection
http://www.informaworld.com/smpp/content~content=a7
91772911&db=all
3- Climate change: sailing through the perfect storm
www.telegraph.co.uk/.../Climate-change-sailing-
through-the-perfect-storm.html